Commit graph

354 commits

Author SHA1 Message Date
Brian Kassouf 4b5092b375 Pull in updates 2019-04-02 16:37:44 -07:00
Jeff Mitchell 312a4c4702 Update go-jose 2019-04-01 17:55:07 -04:00
Jeff Mitchell f8db986144 Update plugins 2019-04-01 16:31:15 -04:00
Jim Kalafut 6e9faa74cd
Fix OpenAPI cleanResponse and test (#6454)
Add missing Headers field, along with a test to detect changes.

The custom decoder test should be ensuring only that the resulting
OpenAPI JSON outputs are equal. Updating the go-test deep library
reveals the error.
2019-03-26 11:08:56 -05:00
Jeff Mitchell 112fb393b8 Bump plugins now that they don't need Sermo 2019-03-20 17:50:06 -04:00
Jeff Mitchell 6797e21f54
Migrate from SermoDigital go Square JOSE (#6445) 2019-03-20 14:54:03 -04:00
Brian Kassouf 90ba293a53 Update kv plugin 2019-03-18 11:14:41 -07:00
Brian Kassouf 609076ae4b update kv plugin 2019-03-15 12:49:31 -07:00
Brian Kassouf 9acbebd376 Upgrade kv plugin 2019-03-15 12:06:17 -07:00
Brian Kassouf 777e7766ca Update plugins 2019-03-15 10:19:26 -07:00
Jim Kalafut 868b73bd8d
Update JWT plugin (#6415) 2019-03-14 14:18:09 -07:00
Jim Kalafut 1274a8d3d4
Update JWT plugin dependency and docs (#6345) 2019-03-05 09:46:04 -08:00
Brian Kassouf ad3605e657
Revert "filtered-path endpoint (#6132)" (#6337)
This reverts commit dfdbb0bad975fab447f49766baaa5a6c956f8e3d.
2019-03-04 14:08:21 -08:00
ncabatoff 8814fe1ba5 filtered-path endpoint (#6132)
* First pass at filtered-path endpoint.  It seems to be working, but there are tests missing, and possibly some optimization to handle large key sets.

* Vendor go-cmp.

* Fix incomplete vendoring of go-cmp.

* Improve test coverage.  Fix bug whereby access to a subtree named X would expose existence of a the key named X at the same level.

* Add benchmarks, which showed that hasNonDenyCapability would be "expensive" to call for every member of a large folder.  Made a couple of minor tweaks so that now it can be done without allocations.

* Comment cleanup.

* Review requested changes: rename some funcs, use routeCommon instead of
querying storage directly.

* Keep the same endpoint for now, but move it from a LIST to a POST and allow multiple paths to be queried in one operation.

* Modify test to pass multiple paths in at once.

* Add endpoint to default policy.

* Move endpoint to /sys/access/filtered-path.
2019-03-04 11:04:29 -08:00
Michel Vocks f2d022ac20
Print warning when 'tls_cipher_suites' includes blacklisted cipher suites (#6300)
* Implemented a warning when tls_cipher_suites includes only cipher suites which are not supprted by the HTTP/2 spec

* Added test for cipher suites

* Added hard fail on startup when all defined cipher suites are blacklisted. Added warning when some ciphers are blacklisted.

* Replaced hard failure with warning. Removed bad cipher util function and replaced it by external library.

* Added missing dependency. Fixed renaming of package name.
2019-03-01 16:48:06 +01:00
Jim Kalafut 8eb4a0c50a Update JWT plugin deps (#6313) 2019-02-28 17:49:50 -08:00
Jeff Mitchell 6208142a71 Update golang-lru dep which has a minor speedbump in the critical path 2019-02-27 17:51:06 -05:00
Brian Kassouf 26d8d318d7 Merge remote-tracking branch 'oss/master' into 1.1-beta 2019-02-19 12:17:15 -08:00
Martin 9044173d6e Prometheus support on v1/sys/metrics endpoint (#5308)
* initial commit for prometheus and sys/metrics support

* Throw an error if prometheusRetentionTime is 0,add prometheus in devmode

* return when format=prometheus is used and prom is disable

* parse prometheus_retention_time from string instead of int

* Initialize config.Telemetry if nil

* address PR issues

* add sys/metrics framework.Path in a factory

* Apply requiredMountTable entries's MountConfig to existing core table

* address pr comments

* enable prometheus sink by default

* Move Metric-related code in a separate metricsutil helper
2019-02-14 12:46:59 -08:00
Jim Kalafut 6aa32db736 Update jwt plugin 2019-02-14 11:03:26 -08:00
madalynrose 625f0c7546
Update OpenAPI responses to include information the UI can use (#6204) 2019-02-14 12:42:44 -05:00
Jim Kalafut 164ca0834b Update vendored JWT plugin 2019-02-12 17:08:04 -08:00
Jeff Mitchell 700ec3a19c Pull in updated plugins 2019-02-12 08:53:40 -05:00
Jim Kalafut df4139df51
Create alias and command for OIDC (#6206) 2019-02-11 13:37:55 -08:00
Jeff Mitchell 17755b8150 Update go-retryablehttp to get bodybytes, and circonus deps as those break without it 2019-02-01 17:13:21 -05:00
Jeff Mitchell bbc1d53a5d Revert "Refactor common token fields and operations into a helper (#5953)"
This reverts commit 66c226c593bb1cd48cfd8364ac8510cb42b7d67a.
2019-02-01 11:23:40 -05:00
Jeff Mitchell b94c29a8a1 Update go-ldap to fix #6135 2019-01-31 17:07:25 -05:00
Jeff Mitchell 85a560abba
Refactor common token fields and operations into a helper (#5953) 2019-01-30 16:23:28 -05:00
Jeff Mitchell 3f1a7d4fdd
Update to latest etcd and use the new repository packages (#6087)
This will be necessary for go mod work

Additionally, the srv api has changed. This adapts to it.
2019-01-23 14:35:03 -05:00
Becca Petrin aac271ed7f swap the forked aliyun sdk for the original (#6024) 2019-01-23 11:24:51 -05:00
Jeff Mitchell f75f4e75c7 Prepare for 1.0.2 2019-01-15 11:25:11 -05:00
Giacomo Tirabassi 0d3845c537 Influxdb secret engine built-in plugin (#5924)
* intial work for influxdb secret plugin

* fixed typo

* added comment

* added documentation

* added tests

* fixed tests

* added vendoring

* minor testing issue with hardcoded values

* minor fixes
2019-01-08 17:26:16 -08:00
Julien Blache 91d432fc85 FoundationDB backend TLS support and housekeeping (#5800)
* Fix typo in documentation

* Update fdb-go-install.sh for new release tags

* Exclude FoundationDB bindings from vendoring, delete vendored copy

FoundationDB bindings are tightly coupled to the server version and
client library version used in a specific deployment. Bindings need
to be installed using the fdb-go-install.sh script, as documented in
the foundationdb backend documentation.

* Add TLS support to FoundationDB backend

TLS support appeared in FoundationDB 5.2.4, raising the minimum API version
for TLS-aware FoundationDB code to 520.

* Update documentation for FoundationDB TLS support
2019-01-08 09:01:44 -08:00
Jeff Mitchell 7cafbb51bf Update plugins 2018-12-14 10:42:11 -05:00
Jeff Mitchell 9066bba70a CL and plugin updates 2018-12-03 11:45:02 -05:00
Jeff Mitchell 0eef70f279 Update x/net deps to pull in some fixes. (#5827) 2018-11-20 13:29:13 -08:00
Brian Kassouf 2b2b69cf0b Update plugins 2018-11-20 11:43:38 -08:00
Brian Kassouf 48dffb9b7c release prep 2018-11-12 11:10:47 -08:00
Vishal Nayak 0244aa4c54
Update KV dependency (#5707) 2018-11-06 14:33:21 -05:00
Jim Kalafut f5fafdf907
Update kv dependency (#5700) 2018-11-05 21:42:44 -08:00
Nicolas Corrarello 0b44a55d22 Adding support for Consul 1.4 ACL system (#5586)
* Adding support for Consul 1.4 ACL system

* Working tests

* Fixed logic gate

* Fixed logical gate that evaluate empty policy or empty list of policy names

* Ensure tests are run against appropiate Consul versions

* Running tests against official container with a 1.4.0-rc1 tag

* policies can never be nil (as even if it is empty will be an empty array)

* addressing feedback, refactoring tests

* removing cast

* converting old lease field to ttl, adding max ttl

* cleanup

* adding missing test

* testing wrong version

* adding support for local tokens

* addressing feedback
2018-11-02 10:44:12 -04:00
Jeff Mitchell 756e4c5f89 Update jwt to pull in groups claim delimiter pattern 2018-10-31 16:04:39 -04:00
Jim Kalafut 3abb1bfaa9
Update Azure Secrets plugin (#5606) 2018-10-25 12:06:55 -07:00
Jeff Mitchell 0406eeb8b7 Check in some generated protos needed by non-native archs 2018-10-23 12:46:47 -04:00
Chris Hoffman dec2eb88b6 adding gcpkms secrets engine (#784) 2018-10-22 23:39:25 -07:00
Matthew Irish 8073ebcd1e Merge branch 'oss-master' into 1.0-beta-oss 2018-10-19 20:40:36 -05:00
Jim Kalafut 6f7b298de4
Update Azure Secrets plugin (#5533) 2018-10-19 16:15:31 -07:00
Calvin Leung Huang a08ccbffa7
[Review Only] Autoseal OSS port (#757)
* Port awskms autoseal

* Rename files

* WIP autoseal

* Fix protobuf conflict

* Expose some structs to properly allow encrypting stored keys

* Update awskms with the latest changes

* Add KeyGuard implementation to abstract encryption/decryption of keys

* Fully decouple seal.Access implementations from sealwrap structs

* Add extra line to proto files, comment update

* Update seal_access_entry.go

* govendor sync

* Add endpoint info to configureAWSKMSSeal

* Update comment

* Refactor structs

* Update make proto

* Remove remove KeyGuard, move encrypt/decrypt to autoSeal

* Add rest of seals, update VerifyRecoveryKeys, add deps

* Fix some merge conflicts via govendor updates

* Rename SealWrapEntry to EncryptedBlobInfo

* Remove barrier type upgrade check in oss

* Add key to EncryptedBlobInfo proto

* Update barrierTypeUpgradeCheck signature
2018-10-19 14:43:57 -07:00
Brian Kassouf 48ee3650a3
Update deps (#5521) 2018-10-15 15:25:08 -07:00
Brian Kassouf d987a3c230
Update deps (#5520) 2018-10-15 14:36:55 -07:00